| Risk Level | Number of Alerts |
|---|---|
|
High
|
4
|
|
Medium
|
13
|
|
Low
|
11
|
|
Informational
|
13
|
|
High |
Cross Site Scripting (Reflected) |
|---|---|
| Description |
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
|
| URL | http://127.0.0.1/?page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=%3C%2Fdiv%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cdiv%3E |
| Method | GET |
| Parameter | pagename |
| Attack | </div><scrIpt>alert(1);</scRipt><div> |
| Evidence | </div><scrIpt>alert(1);</scRipt><div> |
| Other Info | |
| URL | http://127.0.0.1/index.php?do=toggle-hints&page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B&redirectPage=captured-data.php |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B&username=anonymous |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=%22%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E |
| Method | GET |
| Parameter | redirectPage |
| Attack | "><scrIpt>alert(1);</scRipt> |
| Evidence | "><scrIpt>alert(1);</scRipt> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=password-generator.php&username=%22%3Balert%281%29%3B%22 |
| Method | GET |
| Parameter | username |
| Attack | ";alert(1);" |
| Evidence | ";alert(1);" |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=javascript%3Aalert%281%29%3B |
| Method | GET |
| Parameter | page-to-frame |
| Attack | javascript:alert(1); |
| Evidence | javascript:alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?PathToDocument=%3C%2Fdiv%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cdiv%3E&page=document-viewer.php |
| Method | GET |
| Parameter | PathToDocument |
| Attack | </div><scrIpt>alert(1);</scRipt><div> |
| Evidence | </div><scrIpt>alert(1);</scRipt><div> |
| Other Info | |
| URL | http://127.0.0.1/index.php?PathToDocument=robots.txt&page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | GET |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B |
| Method | POST |
| Parameter | page |
| Attack | " onMouseOver="alert(1); |
| Evidence | " onMouseOver="alert(1); |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | password |
| Attack | '"<scrIpt>alert(1);</scRipt> |
| Evidence | '"<scrIpt>alert(1);</scRipt> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | username |
| Attack | '"<scrIpt>alert(1);</scRipt> |
| Evidence | '"<scrIpt>alert(1);</scRipt> |
| Other Info | |
| Instances | 17 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
|
| Reference |
https://owasp.org/www-community/attacks/xss/
https://cwe.mitre.org/data/definitions/79.html |
| CWE Id | 79 |
| WASC Id | 8 |
| Plugin Id | 40012 |
|
High |
Path Traversal |
|---|---|
| Description |
The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.
Most web sites restrict user access to a specific portion of the file-system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executable necessary to drive web application functionality. To access files or execute commands anywhere on the file-system, Path Traversal attacks will utilize the ability of special-characters sequences.
The most basic Path Traversal attack uses the "../" special-character sequence to alter the resource location requested in the URL. Although most popular web servers will prevent this technique from escaping the web document root, alternate encodings of the "../" sequence may help bypass the security filters. These method variations include valid and invalid Unicode-encoding ("..%u2216" or "..%c0%af") of the forward slash character, backslash characters ("..\") on Windows-based servers, URL encoded characters "%2e%2e%2f"), and double URL encoding ("..%255c") of the backslash character.
Even if the web server properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application's dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (".") to reveal the listing of the current working directory, or "%00" NULL characters in order to bypass rudimentary file extension checks.
|
| URL | http://127.0.0.1/?page=%2Fetc%2Fpasswd |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?do=toggle-hints&page=%2Fetc%2Fpasswd |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=%2Fetc%2Fpasswd |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd&redirectPage=captured-data.php |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd&username=anonymous |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?PathToDocument=robots.txt&page=%2Fetc%2Fpasswd |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=%2Fetc%2Fpasswd |
| Method | GET |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd |
| Method | POST |
| Parameter | page |
| Attack | /etc/passwd |
| Evidence | root:x:0:0 |
| Other Info | |
| Instances | 10 |
| Solution |
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses, and exclude directory separators such as "/". Use an allow list of allowable file extensions.
Warning: if you attempt to cleanse your data, then do so that the end result is not in the form that can be dangerous. A sanitizing mechanism can remove characters such as '.' and ';' which may be required for some exploits. An attacker can try to fool the sanitizing mechanism into "cleaning" data into a dangerous form. Suppose the attacker injects a '.' inside a filename (e.g. "sensi.tiveFile") and the sanitizing mechanism removes the character resulting in the valid filename, "sensitiveFile". If the input data are now assumed to be safe, then the file may be compromised.
Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allow list schemes by introducing dangerous inputs after they have been checked.
Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links.
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.
OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.
This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
|
| Reference |
https://owasp.org/www-community/attacks/Path_Traversal
https://cwe.mitre.org/data/definitions/22.html |
| CWE Id | 22 |
| WASC Id | 33 |
| Plugin Id | 6 |
|
High |
Remote File Inclusion |
|---|---|
| Description |
Remote File Include (RFI) is an attack technique used to exploit "dynamic file include" mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.
Almost all web application frameworks support file inclusion. File inclusion is mainly used for packaging common code into separate files that are later referenced by main application modules. When a web application references an include file, the code in this file may be executed implicitly or explicitly by calling specific procedures. If the choice of module to load is based on elements from the HTTP request, the web application might be vulnerable to RFI.
An attacker can use RFI for:
* Running malicious code on the server: any code in the included malicious files will be run by the server. If the file include is not executed using some wrapper, code in include files is executed in the context of the server user. This could lead to a complete system compromise.
* Running malicious code on clients: the attacker's malicious code can manipulate the content of the response sent to the client. The attacker can embed malicious code in the response that will be run by the client (for example, JavaScript to steal the client session cookies).
PHP is particularly vulnerable to RFI attacks due to the extensive use of "file includes" in PHP programming and due to default server configurations that increase susceptibility to an RFI attack.
|
| URL | http://127.0.0.1/?page=http%3A%2F%2Fwww.google.com%2F |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=http%3A%2F%2Fwww.google.com%2F |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F&redirectPage=captured-data.php |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F&username=anonymous |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?PathToDocument=robots.txt&page=http%3A%2F%2Fwww.google.com%2F |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=http%3A%2F%2Fwww.google.com%2F |
| Method | GET |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F |
| Method | POST |
| Parameter | page |
| Attack | http://www.google.com/ |
| Evidence | <title>Google</title> |
| Other Info | |
| Instances | 9 |
| Solution |
Phase: Architecture and Design
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.
Phases: Architecture and Design; Operation
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.
OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.
This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
Be careful to avoid CWE-243 and other weaknesses related to jails.
For PHP, the interpreter offers restrictions such as open basedir or safe mode which can make it more difficult for an attacker to escape out of the application. Also consider Suhosin, a hardened PHP extension, which includes various options that disable some of the more dangerous PHP features.
Phase: Implementation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use an allow list of allowable file extensions, which will help to avoid CWE-434.
Phases: Architecture and Design; Operation
Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server's access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.
This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce your attack surface.
Phases: Architecture and Design; Implementation
Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components.
|
| Reference |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
https://cwe.mitre.org/data/definitions/98.html |
| CWE Id | 98 |
| WASC Id | 5 |
| Plugin Id | 7 |
|
High |
SQL Injection - MySQL |
|---|---|
| Description |
SQL injection may be possible.
|
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=%27 |
| Method | GET |
| Parameter | level1HintIncludeFile |
| Attack | ' |
| Evidence | You have an error in your SQL syntax |
| Other Info | RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised. |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=%27 |
| Method | GET |
| Parameter | pagename |
| Attack | ' |
| Evidence | You have an error in your SQL syntax |
| Other Info | RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | password |
| Attack | ' |
| Evidence | You have an error in your SQL syntax |
| Other Info | RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | username |
| Attack | ' |
| Evidence | You have an error in your SQL syntax |
| Other Info | RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised. |
| Instances | 4 |
| Solution |
Do not trust client side input, even if there is client side validation in place.
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
Apply the principle of least privilege by using the least privileged database user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 40018 |
|
Medium |
Absence of Anti-CSRF Tokens |
|---|---|
| Description |
No Anti-CSRF tokens were found in a HTML submission form.
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=login.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfLoginForm(this);" id="idLoginForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "login-php-submit-button" "password" "redirectPage" "username" ]. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=content-security-policy.php" method="post" enctype="application/x-www-form-urlencoded" id="idCSPForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "content-security-policy-php-submit-button" "idMessageInput" ]. |
| URL | https://127.0.0.1/index.php?page=html5-storage.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=html5-storage.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=html5-storage.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return false;" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "idDOMStorageItemInput" "idDOMStorageKeyInput" "SessionStorageType" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-1.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-1.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-3.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-3.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-4.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-4.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-5.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-5.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-7.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-7.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-8.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-8.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=login.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfLoginForm(this);" id="idLoginForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "login-php-submit-button" "password" "redirectPage" "username" ]. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=pen-test-tool-lookup.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="" id="idForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "pen-test-tool-lookup-php-submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=register.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=set-background-color.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfForm(this);" style="background-color:#ZAP" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "id_background_color" "set-background-color-php-submit-button" ]. |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="index.php?page=test-connectivity.php" method="post" enctype="application/x-www-form-urlencoded" id="idEchoForm"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "echo-php-submit-button" "idServerURLInput" ]. |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ]. |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="./index.php?page=user-info-xpath.php" method="GET" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfForm(this);" > |
| Other Info | No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "page" "password" "user-info-php-submit-button" "username" ]. |
| Instances | 155 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference |
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/352.html |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 10202 |
|
Medium |
Application Error Disclosure |
|---|---|
| Description |
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
|
| URL | http://127.0.0.1/classes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/installation.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: require_once(./includes/constants.php): Failed to open stream: No such file or directory in <b>/var/www/mutillidae/documentation/installation.php</b> on line <b>7</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/documentation/usage-instructions.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: require_once(./includes/constants.php): Failed to open stream: No such file or directory in <b>/var/www/mutillidae/documentation/usage-instructions.php</b> on line <b>7</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | You have an error in your SQL syntax |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | You have an error in your SQL syntax |
| Other Info | |
| URL | http://127.0.0.1/includes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/footer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/footer.php</b> on line <b>8</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=credits.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=show-log.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/information-disclosure-comment.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/information-disclosure-comment.php</b> on line <b>12</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/log-visit.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $LogHandler in <b>/var/www/mutillidae/includes/log-visit.php</b> on line <b>17</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=credits.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=show-log.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined array key "pagename" in <b>/var/www/mutillidae/includes/pop-up-help-context-generator.php</b> on line <b>20</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/process-commands.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/process-commands.php</b> on line <b>12</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/includes/process-login-attempt.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>14</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/javascript/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/images/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | You have an error in your SQL syntax |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | You have an error in your SQL syntax |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | You have an error in your SQL syntax |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | You have an error in your SQL syntax |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=browser-info.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Fatal error</b>: Invalid callback self::doHandleException, cannot access "self" when no class scope is active in <b>Unknown</b> on line <b>0</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=client-side-control-challenge.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $lFields in <b>/var/www/mutillidae/client-side-control-challenge.php</b> on line <b>516</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $lErrorNoChoiceMade in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>144</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $lErrorNoChoiceMade in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>144</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $lErrorNoChoiceMade in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>144</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined array key "forwardurl" in <b>/var/www/mutillidae/redirectandlog.php</b> on line <b>30</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined array key "forwardurl" in <b>/var/www/mutillidae/redirectandlog.php</b> on line <b>30</b><br /> |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $cUSERNAME_OR_PASSWORD_INCORRECT in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>48</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $cACCOUNT_DOES_NOT_EXIST in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>49</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $cUSERNAME_OR_PASSWORD_INCORRECT in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>48</b><br /> |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined variable $lPenTestToolsJSON in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>150</b><br /> |
| Other Info | |
| Instances | 154 |
| Solution |
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
|
| Reference | |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 90022 |
|
Medium |
CSP: Wildcard Directive |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | http://127.0.0.1/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=captured-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=documentation/installation.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=documentation/usage-instructions.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/?page=add-to-your-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/?page=credits.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=back-button-discussion.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=capture-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=conference-room-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=cors.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=dns-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=jwt.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=password-generator.php&username=anonymous |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=phpinfo.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=privilege-escalation.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=secret-administrative-pages.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=sqlmap-targets.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=ssl-misconfiguration.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=user-info.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=user-poll.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=view-someones-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=xml-validator.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=html5-storage.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything. |
| Instances | 135 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: script-src unsafe-inline |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | http://127.0.0.1/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=captured-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=documentation/installation.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=documentation/usage-instructions.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/?page=add-to-your-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/?page=credits.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=back-button-discussion.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=capture-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=conference-room-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=cors.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=dns-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=jwt.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=password-generator.php&username=anonymous |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=phpinfo.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=privilege-escalation.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=secret-administrative-pages.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=sqlmap-targets.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=ssl-misconfiguration.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=user-info.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=user-poll.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=view-someones-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=xml-validator.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=html5-storage.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | script-src includes unsafe-inline. |
| Instances | 135 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
CSP: style-src unsafe-inline |
|---|---|
| Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
| URL | http://127.0.0.1/ |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=captured-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=documentation/installation.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=documentation/usage-instructions.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/?page=add-to-your-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/?page=credits.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=back-button-discussion.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=capture-data.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=conference-room-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'self' 'nonce-a4115737d0b9b2ef04a90882f4c4d2855d6cb0845a403f1b06c28a79bcb04d94';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'self' 'nonce-83057af36b2ed8071b8eea3dcce4f107aa2f4bb1b139598872924f3c8a237074';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'self' 'nonce-41f4641c75c767dda07dda44a7c8bb31c976eaf6dce8f9c4eb80e9223edb1a6c';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'self' 'nonce-ef0211642517270a1a28460bdcd86db4c1433b8a5d9c3d58bc48989d5fec06f9';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=cors.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=dns-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1 |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=jwt.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=password-generator.php&username=anonymous |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=phpinfo.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=privilege-escalation.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=secret-administrative-pages.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=sqlmap-targets.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=ssl-misconfiguration.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=user-info.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=user-poll.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=view-someones-blog.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=xml-validator.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=content-security-policy.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | script-src 'self' 'nonce-e11409dad956c4cc010a48dbbaf5bbecd03a168e8ebcdff4ed3fee5d147d98d3';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=html5-storage.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| URL | https://127.0.0.1/index.php?page=set-background-color.php |
| Method | POST |
| Parameter | Content-Security-Policy |
| Attack | |
| Evidence | frame-ancestors 'none'; |
| Other Info | style-src includes unsafe-inline. |
| Instances | 140 |
| Solution |
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
|
| Reference |
https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy https://content-security-policy.com/ https://github.com/HtmlUnit/htmlunit-csp https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10055 |
|
Medium |
Cross-Domain Misconfiguration |
|---|---|
| Description |
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.
|
| URL | http://127.0.0.1/webservices/rest/ws-test-connectivity.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| URL | https://127.0.0.1/webservices/rest/ws-test-connectivity.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Other Info | The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. |
| Instances | 2 |
| Solution |
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
|
| Reference | https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy |
| CWE Id | 264 |
| WASC Id | 14 |
| Plugin Id | 10098 |
|
Medium |
Directory Browsing |
|---|---|
| Description |
It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information.
|
| URL | http://127.0.0.1/classes/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/classes/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/data/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/data/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/documentation/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/documentation/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/images/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/images/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/images/gritter/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/images/gritter/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/includes/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/includes/hints/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/ddsmoothmenu/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/gritter/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/hints/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/inline-initializers/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/jQuery/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/jQuery/colorbox/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/images/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/jQuery/colorbox/images/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/javascript/on-page-scripts/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/passwords/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/passwords/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/styles/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/styles/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/styles/ddsmoothmenu/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/styles/ddsmoothmenu/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/styles/gritter/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/styles/gritter/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/webservices/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/webservices/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/webservices/rest/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/webservices/rest/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/webservices/soap/ |
| Method | GET |
| Parameter | |
| Attack | http://127.0.0.1/webservices/soap/ |
| Evidence | Parent Directory |
| Other Info | |
| URL | http://127.0.0.1/classes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/classes/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /classes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/data/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /data</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/documentation/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /documentation</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/includes/hints/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /includes/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/ddsmoothmenu</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/gritter/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/gritter</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/hints/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/hints/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/hints/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/hints/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/hints/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/hints</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/inline-initializers</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery/colorbox</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery/colorbox</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery/colorbox</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery/colorbox</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery/colorbox</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/images/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/jQuery/colorbox/images</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /javascript/on-page-scripts</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| URL | http://127.0.0.1/passwords/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /passwords</title> |
| Other Info | Web server identified: Apache 2 |
| Instances | 142 |
| Solution |
Configure the web server to disable directory browsing.
|
| Reference | https://cwe.mitre.org/data/definitions/548.html |
| CWE Id | 548 |
| WASC Id | 16 |
| Plugin Id | 10033 |
|
Medium |
HTTP to HTTPS Insecure Transition in Form Post |
|---|---|
| Description |
This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.
|
| URL | http://127.0.0.1 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1 The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/ The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/includes/header.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/includes/header.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=add-to-your-blog.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/includes/header.php?page=credits.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=credits.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/includes/header.php?page=show-log.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=show-log.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/includes/header.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=text-file-viewer.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=documentation/installation.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=documentation/installation.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=documentation/usage-instructions.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=documentation/usage-instructions.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=documentation/vulnerabilities.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-10.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-11.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-12.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-13.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-14.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-15.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-16.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-17.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-18.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-19.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-20.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-21.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-22.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-23.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-24.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-25.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-26.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-27.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-28.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-29.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-30.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-31.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-32.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-33.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-34.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-35.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-36.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-37.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-38.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-39.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-40.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-41.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-42.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-43.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-44.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-45.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-46.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-47.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-48.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-49.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-50.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-51.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-52.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-53.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-54.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-55.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-56.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-57.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-58.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-59.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-60.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-61.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-62.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-63.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-14.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-19.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-53.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-54.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | https://www.paypal.com/cgi-bin/webscr |
| Other Info | The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> |
| Instances | 89 |
| Solution |
Use HTTPS for landing pages that host secure forms.
|
| Reference | |
| CWE Id | 319 |
| WASC Id | 15 |
| Plugin Id | 10041 |
|
Medium |
Hidden File Found |
|---|---|
| Description |
A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.
|
| URL | http://127.0.0.1/phpinfo.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | HTTP/1.1 200 OK |
| Other Info | phpinfo |
| Instances | 1 |
| Solution |
Consider whether or not the component is actually required in production, if it isn't then disable it. If it is then ensure access to it requires appropriate authentication and authorization, or limit exposure to internal systems or specific source IPs, etc.
|
| Reference |
https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html
https://www.php.net/manual/en/function.phpinfo.php |
| CWE Id | 538 |
| WASC Id | 13 |
| Plugin Id | 40035 |
|
Medium |
Missing Anti-clickjacking Header |
|---|---|
| Description |
The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.
|
| URL | http://127.0.0.1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/?page=show-log.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/CSRFTokenHandler.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/classes/DirectoryIterationHandler.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/data/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/installation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/usage-instructions.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/documentation/vulnerabilities.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/framer.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/footer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=credits.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=show-log.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/header.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/hints/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/information-disclosure-comment.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/log-visit.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=credits.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=show-log.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/minimum-class-definitions.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/process-commands.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/includes/process-login-attempt.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-1.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-3.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-4.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-5.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-7.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-8.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/gritter/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/hints/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/inline-initializers/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/jQuery/colorbox/images/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/passwords/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/set-up-database.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/webservices/rest/ws-user-account.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/webservices/soap/ws-echo.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/webservices/soap/ws-lookup-dns.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/webservices/soap/ws-test-connectivity.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/webservices/soap/ws-user-account.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/framer.html |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=browser-info.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=cache-control.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=client-side-comments.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=client-side-control-challenge.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=credits.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=directory-browsing.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=documentation/installation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=documentation/usage-instructions.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=documentation/vulnerabilities.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=framing.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=html5-storage.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-1.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-12.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-15.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-18.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-2.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-3.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-32.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-36.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-39.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-4.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-41.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-42.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-44.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-49.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-5.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-52.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-56.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-57.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-58.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-59.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-6.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-60.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-63.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-7.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-8.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-9.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=nice-tabby-cat.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=password-generator.php&username=canary |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=password-generator.php&username=ZAP |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=register.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=robots-txt.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=site-footer-xss-discussion.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-agent-impersonation.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=view-account-profile.php&uid=39 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/rene-magritte.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/set-up-database.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/webservices/rest/ws-user-account.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/webservices/soap/ws-echo.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/webservices/soap/ws-lookup-dns.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/webservices/soap/ws-test-connectivity.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/webservices/soap/ws-user-account.php |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | http://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-1.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-10.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-11.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-13.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-14.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-16.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-17.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-19.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-20.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-21.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-22.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-24.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-25.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-26.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-27.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-28.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-29.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-3.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-30.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-31.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-33.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-34.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-35.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-37.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-38.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-4.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-40.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-43.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-45.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-46.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-47.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-48.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-5.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-50.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-51.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-53.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-54.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-55.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-7.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=labs/lab-8.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=login.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=pen-test-tool-lookup.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=register.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=test-connectivity.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| URL | https://127.0.0.1/index.php?page=user-info-xpath.php |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Other Info | |
| Instances | 697 |
| Solution |
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
|
| Reference | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
| CWE Id | 1021 |
| WASC Id | 15 |
| Plugin Id | 10020 |
|
Medium |
Parameter Tampering |
|---|---|
| Description |
Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.
|
| URL | http://127.0.0.1/?page=%00 |
| Method | GET |
| Parameter | page |
| Attack | |